Here is the description of the problem. I am developing a web application with GWT. I have successfully integrated Spring Security with GWT for the authentication feature with the following code. Now I want to use the Spring “method security” in my web application. So I did what it says in http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ns-config.html,
- just adding <global-method-security secured-annotations="enabled"/> in the above-mentioned application context file:

<http>
    <http-basic/>
    <intercept-url pattern="/**" access=""/>
    <form-login />
    <logout />
</http>
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="jimis" password="jimispassword" authorities="ROLE_USER,ROLE_ADMIN" />
            <user name="bob" password="bobspassword" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>
<!-- line added to enable method security -->
<global-method-security secured-annotations="enabled"/>

- then adding the annotation @Secured("ROLE_ADMIN") above the function that I want to control the access to
Then I added the declaration of the application context in the web.xml as follows:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee">
    <!-- Default page to serve -->
    <welcome-file-list>
        <welcome-file>App.html</welcome-file>
    </welcome-file-list>
    <session-config>
        <session-timeout>10</session-timeout> <!-- in minutes -->
    </session-config>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext-security.xml
        </param-value>
    </context-param>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>appService</servlet-name>
        <servlet-class>com.google.gwt.app.example.server.AppServiceImpl</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>appService</servlet-name>
        <url-pattern>/app/appService.rpc</url-pattern>
    </servlet-mapping>
</web-app>
Note that I’ve just declared the gwt-servlet not the spring dispatcher servlet.
However, it seems that this configuration doesn’t work. In fact, any role has the authority to access the function.
Very strange.
Hoping for your answers!
Use a single global-method-security element containing both attributes. Also read the relevant section of the Spring Security FAQ on issues with using method security and web controllers, if that’s what you are doing (you will also find the same issue discussed here).
The log message you report is not an error and is unimportant unless you are using hasPermission() within your expressions.
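
An added example, not part of the original question or answer and not the poster's code: method security is applied through proxies around beans created by the Spring context, while the servlet declared in web.xml is instantiated by the servlet container, so one way to get @Secured enforced is to move the protected operation into a context-managed bean and call it from the servlet. The names AdminOperations, AdminOperationsImpl, deleteAccount and the bean id are hypothetical, and the bean declaration shown in the comment is an assumption.

```java
// Added example. Assumed bean declaration in /WEB-INF/applicationContext-security.xml,
// next to <global-method-security secured-annotations="enabled"/>:
//   <beans:bean id="adminOperations"
//               class="com.google.gwt.app.example.server.AdminOperationsImpl"/>
package com.google.gwt.app.example.server;

import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import javax.servlet.ServletException;

import org.springframework.security.access.annotation.Secured;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.google.gwt.user.server.rpc.RemoteServiceServlet;

// Hypothetical interface: declaring the secured operation here lets the
// default JDK dynamic proxy wrap the bean.
interface AdminOperations {
    @Secured("ROLE_ADMIN")
    boolean deleteAccount(String username);
}

// Hypothetical implementation holding constructed sample data.
class AdminOperationsImpl implements AdminOperations {
    private final Set<String> accounts = new CopyOnWriteArraySet<String>();

    @Override
    public boolean deleteAccount(String username) {
        return accounts.remove(username);
    }
}

// Created by the servlet container from web.xml, so Spring never proxies it:
// @Secured placed directly on this class's methods is not enforced.
public class AppServiceImpl extends RemoteServiceServlet {
    private AdminOperations adminOperations;

    @Override
    public void init() throws ServletException {
        super.init();
        // Root context loaded by ContextLoaderListener; the bean returned is
        // the security proxy, not the raw AdminOperationsImpl instance.
        WebApplicationContext ctx =
            WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext());
        adminOperations = ctx.getBean("adminOperations", AdminOperations.class);
    }

    // RPC entry point: the proxy rejects the call with AccessDeniedException
    // when the authenticated caller lacks ROLE_ADMIN.
    public boolean deleteAccount(String username) {
        return adminOperations.deleteAccount(username);
    }
}
```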